Security Stronghold security made easy

Remove W32.Mydoom.V@mm using the instructions below

W32.Mydoom.V@mm is classified as a computer worm. Like any other worm, W32.Mydoom.V@mm is a self-copying, self-replicating threat that reaches your PC through a local or global network, and its greatest impact is on your network and internet connection. Worms are not easy to remove, and we advise you to download WiperSoft Antispyware Malware Remediation Tool or ask our specialists for help. Otherwise, use this manual guide to remove W32.Mydoom.V@mm.

For customers who own one of our products, we provide FREE help in removing W32.Mydoom.V@mm and resolving problems connected with W32.Mydoom.V@mm in case our software didn't help!

If you are a customer and the W32.Mydoom.V@mm Removal Tool can't detect the problem, fill in the support form. Our support staff will contact you in several minutes and give you a step-by-step guide on how to get rid of W32.Mydoom.V@mm. In complex cases a specialist will connect to your PC and remove the threat manually. Note that we guarantee removal of W32.Mydoom.V@mm.

Threat's description and solution are developed by Security Stronghold security team.

If you want to learn more about W32.Mydoom.V@mm, use the links below:

* Description of W32.Mydoom.V@mm. Some technical details of the W32.Mydoom.V@mm infection.

* Remove W32.Mydoom.V@mm by hand for free using special instructions.

* Download program that will delete W32.Mydoom.V@mm automatically.

* Instant professional support in removing W32.Mydoom.V@mm from your computer by our Security Support Team.


Threat indicator: HIGH

Technical details of the threat

Name of the threat: W32.Mydoom.V@mm

Command or file name: Cnfgldr.exe

Threat type: Worm

Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista, Windows 7, Windows 8)


W32.Mydoom.V@mm gets onto a PC by deceiving the user or by exploiting application vulnerabilities, so you need to remove W32.Mydoom.V@mm as fast as you can. Customarily, a computer infected with W32.Mydoom.V@mm does not pass the infection on to other machines. But this does not make W32.Mydoom.V@mm less malicious than viruses, or the need to remove it less urgent. Some users contact support to carry out W32.Mydoom.V@mm removal, install W32.Mydoom.V@mm removal tools, or even buy new computers. W32.Mydoom.V@mm is rarely alone on an infected machine, which makes it necessary to remove W32.Mydoom.V@mm together with other kinds of malicious programs. Other sources of W32.Mydoom.V@mm use rootkit approaches to prevent detection and removal by W32.Mydoom.V@mm removal tools. In Windows Vista, reduced default user privileges were an attempt to address the problem of W32.Mydoom.V@mm removal and removal tool installation.


How did W32.Mydoom.V@mm infect your PC?

W32.Mydoom.V@mm copies its file(s) to your hard drive. Its typical file name is Cnfgldr.exe (if it is not using random names for its executable files). It then creates a startup key with the name W32.Mydoom.V@mm and the value Cnfgldr.exe. You can also find it in your process list under the name Cnfgldr.exe or W32.Mydoom.V@mm. W32.Mydoom.V@mm usually affects your internet or network connection. If you have any additional questions about W32.Mydoom.V@mm, please ask them through the support form and we'll contact you as soon as possible.

Download Wipersoft Antispyware

Download this advanced removal tool and solve problems with W32.Mydoom.V@mm and Cnfgldr.exe (download of fix will start immediately):

Download WiperSoft Antispyware to remove W32.Mydoom.V@mm

* WiperSoft Antispyware was developed to remove threats like W32.Mydoom.V@mm in automatic mode. The remover has an active module to protect the PC from hijackers, trojans, ransomware and other viruses. The trial version of Wipersoft provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Wipersoft.

Features of WiperSoft Antispyware

* Removes all files created by viruses.

* Removes all registry entries created by viruses.

* You can activate System and Network Guards and forget about malware.

* Can fix browser problems and protect browser settings.

* Removal is guaranteed - if Wipersoft fails ask for FREE support.

* 24/7 Spyware Helpdesk Support included into the package.


Download Spyhunter Remediation Tool by Enigma Software

Download antimalware designed specifically to remove threats like W32.Mydoom.V@mm and Cnfgldr.exe (download of fix will start immediately):

Download AntiMalware to remove W32.Mydoom.V@mm

Features of Spyhunter Remediation Tool

* Removes all files created by W32.Mydoom.V@mm.

* Removes all registry entries created by W32.Mydoom.V@mm.

* Fixes browser redirection and hijack if needed.

* "Toolbar Remover" tool will help you get rid of unwanted browser extensions.

* Removal is guaranteed - if Spyhunter Remediation Tool fails ask for FREE support.

* 24/7 Helpdesk Support and 5 hours of Remote Support via GoToAssist included into the package.

Manual Solution


How to delete W32.Mydoom.V@mm files, folders, and registry keys?

Manually deleting the registry keys, folders and files belonging to W32.Mydoom.V@mm usually helps to get rid of it, but to be sure you also need to remove the malicious process from startup and unregister all corresponding DLLs, as W32.Mydoom.V@mm can restore itself. Missing DLLs corrupted by W32.Mydoom.V@mm can be replaced by the originals from your Windows CD.

To remove W32.Mydoom.V@mm once and forever, you need:

1. Prevent the following processes from running and delete the appropriate files:

  • WIN32S.EXE

Warning: you should delete only files located in the mentioned folders and with exactly the names that are listed. Sometimes there may be valid files with the same names on your system. We recommend that you use WiperSoft Antispyware Malware Remediation Tool, which provides a safe solution to the problem.

2. Remove the following malicious folders:

no information

3. Remove the following malicious registry entries and/or values using Registry Editor:

no information

Here are the descriptions of problems connected with W32.Mydoom.V@mm and Cnfgldr.exe we received earlier:

Problem Summary: MyDoom Virus Problem

I have executed the file ComboFix. The exe generated a txt log file as shown below. Please provide a resolution.

ComboFix 09-03-10.03 - comp3 2009-03-12 20:46:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1482 [GMT 5.5:30]
Running from: c:\documents and settings\comp3\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090311-1] *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
c:\windows\system32\drivers\ati6hjxx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI6HJXX
-------\Legacy_icf
-------\Legacy_TCPSR
-------\Service_ati6hjxx
-------\Service_tcpsr


((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2009-03-12 19:37 . 2009-03-12 19:35 297,088 --a------ C:\FxMydoom.exe
2009-03-12 19:15 . 2009-03-12 19:15 d-------- c:\program files\CCleaner
2009-03-12 19:12 . 2009-02-21 07:36 3,171,208 --a------ C:\ccsetup216.exe
2009-03-12 19:00 . 2009-03-12 19:00 d-------- c:\documents and settings\comp3\Application Data\TeamViewer
2009-03-12 18:59 . 2009-03-12 18:59 d-------- c:\documents and settings\comp3\temp
2009-03-12 17:07 . 2009-03-12 17:07 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-12 17:06 . 2009-03-12 17:06 d-------- c:\documents and settings\comp3\Application Data\Simply Super Software
2009-03-12 17:06 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-03-12 17:06 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-03-12 16:54 . 2009-03-12 16:54 d-------- c:\program files\Alwil Software
2009-03-12 11:46 . 2009-03-12 11:46 d-------- c:\documents and settings\comp3\Application Data\Malwarebytes
2009-03-12 11:46 . 2009-03-12 11:46 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-12 10:32 . 2009-03-12 20:51 96,110 --a------ c:\windows\system32\drivers\2262f094.sys
2009-03-12 10:32 . 2009-03-12 10:32 33,280 --a------ c:\documents and settings\All Users\lhigp.dll
2009-03-11 17:46 . 2009-03-11 21:16 99,950 --a------ c:\windows\system32\drivers\87f5a810.sys
2009-03-11 17:45 . 2009-03-11 17:45 33,280 --a------ c:\windows\system32\acnjup.dll
2009-03-11 17:25 . 2009-03-11 17:25 33,280 --a------ c:\documents and settings\comp3\bnvuskwj.dll
2009-03-11 17:24 . 2009-03-11 17:24 33,280 --a------ c:\documents and settings\All Users\jkso.dll
2009-03-11 17:23 . 2009-03-11 17:42 99,950 --a------ c:\windows\system32\drivers\24f8dff7.sys
2009-03-11 15:21 . 2009-03-11 15:21 d-------- c:\program files\MSDN
2009-03-11 15:09 . 2009-03-11 15:09 d-------- c:\program files\Microsoft Device Emulator
2009-03-11 15:09 . 2009-03-11 15:09 d-------- c:\program files\Business Objects
2009-03-11 15:08 . 2009-03-11 15:08 d-------- c:\program files\Windows Mobile 5.0 SDK R2
2009-03-11 15:01 . 2009-03-11 15:01 d-------- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-03-11 14:56 . 2009-03-11 14:56 d-------- c:\windows\symbols
2009-03-11 14:54 . 2009-03-11 14:54 d-------- c:\program files\Microsoft SDKs
2009-03-11 14:54 . 2009-03-11 14:57 d-------- c:\program files\HTML Help Workshop
2009-03-11 14:54 . 2009-03-11 15:01 d-------- c:\program files\Common Files\Merge Modules
2009-03-11 14:54 . 2009-03-11 14:54 d-------- c:\program files\CE Remote Tools
2009-03-11 14:52 . 2009-03-11 14:52 d-------- c:\windows\system32\XPSViewer
2009-03-11 14:51 . 2009-03-11 14:51 d-------- c:\program files\Reference Assemblies
2009-03-11 14:48 . 2009-03-11 14:48 d-------- c:\program files\MSXML 6.0
2009-03-11 13:31 . 2009-03-11 13:31 d-------- c:\program files\MagicISO
2009-03-11 13:16 . 2009-03-11 14:52 d-------- c:\program files\MSBuild
2009-03-11 11:00 . 2009-03-11 11:00 247,656 --a------ c:\windows\system32\ht8x4.exe
2009-03-10 20:19 . 2009-03-10 20:40 d-------- c:\windows\SxsCaPendDel
2009-03-10 17:45 . 2009-03-12 19:48 d-------- c:\documents and settings\comp3\Application Data\nidle
2009-03-10 17:38 . 2009-03-10 17:38 d---s---- c:\documents and settings\comp3\UserData
2009-03-10 17:31 . 2009-03-10 17:31 d-------- c:\windows\IIS Temporary Compressed Files
2009-03-10 12:26 . 2009-03-10 12:26 0 -rahs---- C:\kht
2009-03-10 12:22 . 2009-03-10 12:25 1,517 -rahs---- c:\windows\system32\autorun.in
2009-03-10 12:22 . 2009-03-10 12:25 1,470 -rahs---- c:\windows\system32\autorun.i
2009-03-09 21:43 . 2009-03-11 18:29 d-------- c:\program files\Microsoft SQL Server
2009-03-09 21:41 . 2009-03-09 21:41 d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-09 21:32 . 2009-03-10 20:14 d-------- c:\program files\Microsoft.NET
2009-03-09 21:32 . 2009-03-09 21:32 d-------- c:\program files\Microsoft Web Designer Tools
2009-03-09 21:32 . 2009-03-11 15:09 d-------- c:\program files\Microsoft Visual Studio 9.0
2009-03-09 21:29 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-09 12:51 . 2009-02-12 05:54 37,183 --a------ C:\addmember.php
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\program files\Real
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\program files\Common Files\xing shared
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\program files\Common Files\Real
2009-03-05 13:51 . 2009-03-05 13:51 84,992 -ra-s---- c:\windows\system32\rmtrx.dll
2009-03-04 12:15 . 2009-03-11 13:57 d--h----- C:\$AVG8.VAULT$
2009-03-03 19:40 . 2009-03-03 19:40 d-------- c:\program files\ESET
2009-03-03 19:40 . 2009-03-03 19:40 d-------- c:\documents and settings\All Users\Application Data\ESET
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\windows\system32\drivers\Avg
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\program files\AVG
2009-03-03 19:18 . 2009-03-03 19:25 d-------- c:\documents and settings\comp3\Application Data\AVGTOOLBAR
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-03 19:18 . 2009-03-03 19:18 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-03 19:18 . 2009-03-03 19:18 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-03 18:41 . 2009-03-03 19:18 d-------- c:\documents and settings\Administrator
2009-03-03 18:12 . 2009-03-03 19:18 d-------- c:\documents and settings\Guest
2009-02-28 11:46 . 2009-02-28 11:47 d-------- c:\program files\Sizer
2009-02-26 19:22 . 2009-02-27 12:14 d-------- c:\documents and settings\comp3\Application Data\dvdcss
2009-02-26 12:42 . 2009-02-26 12:42 d-------- c:\program files\Apple Software Update
2009-02-26 12:42 . 2009-02-26 12:42 d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-21 16:39 . 2009-02-21 16:41 d-------- c:\documents and settings\comp3\Application Data\Ahead
2009-02-21 16:39 . 2009-02-21 19:58 69 --a------ c:\windows\NeroDigital.ini
2009-02-21 16:38 . 2009-02-21 16:38 d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-02-20 18:24 . 2009-03-10 20:40 d-------- c:\program files\Google
2009-02-20 13:23 . 2009-02-20 13:23 d-------- c:\program files\Flash Movie Player
2009-02-19 19:20 . 2009-03-11 17:29 57,992 --ah----- c:\windows\system32\mlfcache.dat
2009-02-17 13:55 . 2009-02-17 13:55 d-------- c:\documents and settings\comp3\Application Data\Media Player Classic
2009-02-14 17:23 . 2009-02-26 12:43 d-------- c:\documents and settings\comp3\Application Data\Apple Computer
2009-02-13 20:33 . 2009-02-16 20:13 d-------- c:\documents and settings\comp3\Application Data\Xilisoft Corporation
2009-02-13 16:42 . 2009-02-13 16:43 d-------- c:\documents and settings\comp3\Application Data\vlc
2009-02-13 12:52 . 2009-02-13 12:52 d-------- c:\program files\YouTube Downloader
2009-02-13 10:40 . 2009-03-12 12:10 d-------- C:\My Web Sites
2009-02-13 10:39 . 2009-02-13 10:39 d-------- c:\program files\WinHTTrack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 14:47 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 2
2009-03-12 11:44 --------- d-----w c:\documents and settings\comp3\Application Data\uTorrent
2009-03-11 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 07:46 --------- d-----w c:\program files\Microsoft Works
2009-02-26 07:13 --------- d-----w c:\program files\Safari
2009-02-20 08:01 --------- d-----w c:\program files\Macromedia
2009-02-20 08:01 --------- d-----w c:\program files\Common Files\Macromedia
2009-02-11 12:59 --------- d-----w c:\program files\uTorrent
2009-02-10 06:17 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2009-02-10 06:11 --------- d-----w c:\program files\Common Files\Adobe
2009-02-10 06:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 06:06 --------- d-----w c:\program files\Common Files\Macromedia Shared
2009-02-09 13:26 --------- d-----w c:\program files\VideoLAN
2009-02-09 08:25 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-09 06:04 --------- d-----w c:\program files\GlobalSCAPE
2009-02-09 06:04 --------- d-----w c:\documents and settings\comp3\Application Data\GlobalSCAPE
2009-02-09 06:04 --------- d-----w c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-02-09 05:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-09 05:17 --------- d-----w c:\program files\Opera
2009-02-09 05:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-08 06:58 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-02-05 07:46 --------- d-----w c:\documents and settings\comp3\Application Data\InterTrust
2009-02-05 07:41 315,392 ----a-w c:\windows\HideWin.exe
2009-02-05 07:41 --------- d-----w c:\program files\Realtek
2009-02-05 07:38 --------- d-----w c:\documents and settings\comp3\Application Data\InstallShield
2009-02-05 07:34 --------- d-----w c:\program files\Intel
2009-02-05 07:28 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-10 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-11 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-11 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-11 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-03 1234712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-11 c:\windows\RTHDCPL.exe]

c:\documents and settings\comp3\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Sizer.lnk - c:\program files\Sizer\sizer.exe [2002-12-08 18944]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-02-05 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\comp3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\comp3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56795:TCP"= 56795:TCP:BuildIntel SystemSpeech
"25551:TCP"= 25551:TCP:BuildIntel PackagesGames
"47906:TCP"= 47906:TCP:BuildIntel Microsofttwain
"14747:UDP"= 14747:UDP:BuildIntel OptionsOptions
"12180:TCP"= 12180:TCP:BuildIntel MakerVideo
"35691:UDP"= 35691:UDP:BuildIntel Documentswinsxs
"30545:UDP"= 30545:UDP:BuildIntel OfficeDownloaded
"15919:UDP"= 15919:UDP:BuildIntel Documentsinf

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-12 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-03 97928]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 30728]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-12 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-03 231704]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 msftesql$MASTER;SQL Server FullText Search (MASTER);c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 msftesql$MYMATE;SQL Server FullText Search (MYMATE);c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 msftesql$SQLEXPRESS_MAS;SQL Server FullText Search (SQLEXPRESS_MAS);c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 MSSQL$MASTER;SQL Server (MASTER);c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 MSSQL$MYMATE;SQL Server (MYMATE);c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 MSSQL$SQLEXPRESS_MAS;SQL Server (SQLEXPRESS_MAS);c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2009-02-09 18004]
S2 jfmyihpecs;jfmyihpecs;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS); [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER); [x]
S2 W32mon;Config Time;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
W32mon
Jnfoe
oafkez
ayxisuhag
JfmyIhpecs
.
Contents of the 'Scheduled Tasks' folder

2009-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-261903793-725345543-1003.job
- c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 15:19]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - realsched.exe
MSConfigStartUp-Email Protection - c:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
MSConfigStartUp-Messenger - c:\progra~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
MSConfigStartUp-On-Line Protection - c:\progra~1\QUICKH~1\QUICKH~1\cateye.exe
MSConfigStartUp-ResumeQuickupDownload - c:\progra~1\QUICKH~1\QUICKH~1\acappaa.exe
MSConfigStartUp-Startup Scan - c:\progra~1\QUICKH~1\QUICKH~1\Sensor.EXE
MSConfigStartUp-Update Scheduler - c:\progra~1\QUICKH~1\QUICKH~1\UPSCHD.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/combofix/how-to-use-combofix
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {22BCDE5B-6F85-4EE9-8A86-DA3C2A943747} = 198.168.0.1
TCP: {7E698D0B-D550-4676-A421-B6F2526946C4} = 202.138.96.2,202.138.103.100
FF - ProfilePath - c:\documents and settings\comp3\Application Data\Mozilla\Firefox\Profiles\6blig0c1.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\comp3\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 20:50:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$MASTER]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\msftesql.exe\" -s:MSSQL.5 -f:MASTER"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$MYMATE]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe\" -s:MSSQL.4 -f:MYMATE"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$SQLEXPRESS_MAS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe\" -s:MSSQL.3 -f:SQLEXPRESS_MAS"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\2262f094]
"ImagePath"="\SystemRoot\System32\drivers\2262f094.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\W32mon]
"ServiceDll"="c:\windows\system32\rmtrx.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\documents and settings\comp3\temp\TeamViewer\Version4\TeamViewer.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2009-03-12 20:56:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-12 15:26:30

Pre-Run: 19,773,566,976 bytes free
Post-Run: 19,594,235,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
289

Problem was successfully solved. Ticket was closed.

2009-02-21 16:39 . 2009-02-21 16:41 d-------- c:\documents and settings\comp3\Application Data\Ahead
2009-02-21 16:39 . 2009-02-21 19:58 69 --a------ c:\windows\NeroDigital.ini
2009-02-21 16:38 . 2009-02-21 16:38 d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-02-20 18:24 . 2009-03-10 20:40 d-------- c:\program files\Google
2009-02-20 13:23 . 2009-02-20 13:23 d-------- c:\program files\Flash Movie Player
2009-02-19 19:20 . 2009-03-11 17:29 57,992 --ah----- c:\windows\system32\mlfcache.dat
2009-02-17 13:55 . 2009-02-17 13:55 d-------- c:\documents and settings\comp3\Application Data\Media Player Classic
2009-02-14 17:23 . 2009-02-26 12:43 d-------- c:\documents and settings\comp3\Application Data\Apple Computer
2009-02-13 20:33 . 2009-02-16 20:13 d-------- c:\documents and settings\comp3\Application Data\Xilisoft Corporation
2009-02-13 16:42 . 2009-02-13 16:43 d-------- c:\documents and settings\comp3\Application Data\vlc
2009-02-13 12:52 . 2009-02-13 12:52 d-------- c:\program files\YouTube Downloader
2009-02-13 10:40 . 2009-03-12 12:10 d-------- C:\My Web Sites
2009-02-13 10:39 . 2009-02-13 10:39 d-------- c:\program files\WinHTTrack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 14:47 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 2
2009-03-12 11:44 --------- d-----w c:\documents and settings\comp3\Application Data\uTorrent
2009-03-11 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 07:46 --------- d-----w c:\program files\Microsoft Works
2009-02-26 07:13 --------- d-----w c:\program files\Safari
2009-02-20 08:01 --------- d-----w c:\program files\Macromedia
2009-02-20 08:01 --------- d-----w c:\program files\Common Files\Macromedia
2009-02-11 12:59 --------- d-----w c:\program files\uTorrent
2009-02-10 06:17 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2009-02-10 06:11 --------- d-----w c:\program files\Common Files\Adobe
2009-02-10 06:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 06:06 --------- d-----w c:\program files\Common Files\Macromedia Shared
2009-02-09 13:26 --------- d-----w c:\program files\VideoLAN
2009-02-09 08:25 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-09 06:04 --------- d-----w c:\program files\GlobalSCAPE
2009-02-09 06:04 --------- d-----w c:\documents and settings\comp3\Application Data\GlobalSCAPE
2009-02-09 06:04 --------- d-----w c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-02-09 05:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-09 05:17 --------- d-----w c:\program files\Opera
2009-02-09 05:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-08 06:58 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-02-05 07:46 --------- d-----w c:\documents and settings\comp3\Application Data\InterTrust
2009-02-05 07:41 315,392 ----a-w c:\windows\HideWin.exe
2009-02-05 07:41 --------- d-----w c:\program files\Realtek
2009-02-05 07:38 --------- d-----w c:\documents and settings\comp3\Application Data\InstallShield
2009-02-05 07:34 --------- d-----w c:\program files\Intel
2009-02-05 07:28 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-10 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-11 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-11 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-11 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-03 1234712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-11 c:\windows\RTHDCPL.exe]

c:\documents and settings\comp3\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Sizer.lnk - c:\program files\Sizer\sizer.exe [2002-12-08 18944]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-02-05 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\comp3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\comp3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56795:TCP"= 56795:TCP:BuildIntel SystemSpeech
"25551:TCP"= 25551:TCP:BuildIntel PackagesGames
"47906:TCP"= 47906:TCP:BuildIntel Microsofttwain
"14747:UDP"= 14747:UDP:BuildIntel OptionsOptions
"12180:TCP"= 12180:TCP:BuildIntel MakerVideo
"35691:UDP"= 35691:UDP:BuildIntel Documentswinsxs
"30545:UDP"= 30545:UDP:BuildIntel OfficeDownloaded
"15919:UDP"= 15919:UDP:BuildIntel Documentsinf

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-12 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-03 97928]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 30728]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-12 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-03 231704]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 msftesql$MASTER;SQL Server FullText Search (MASTER);c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 msftesql$MYMATE;SQL Server FullText Search (MYMATE);c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 msftesql$SQLEXPRESS_MAS;SQL Server FullText Search (SQLEXPRESS_MAS);c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 MSSQL$MASTER;SQL Server (MASTER);c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 MSSQL$MYMATE;SQL Server (MYMATE);c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 MSSQL$SQLEXPRESS_MAS;SQL Server (SQLEXPRESS_MAS);c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2009-02-09 18004]
S2 jfmyihpecs;jfmyihpecs;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS); [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER); [x]
S2 W32mon;Config Time;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
W32mon
Jnfoe
oafkez
ayxisuhag
JfmyIhpecs
.
Contents of the 'Scheduled Tasks' folder

2009-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-261903793-725345543-1003.job
- c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 15:19]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - realsched.exe
MSConfigStartUp-Email Protection - c:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
MSConfigStartUp-Messenger - c:\progra~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
MSConfigStartUp-On-Line Protection - c:\progra~1\QUICKH~1\QUICKH~1\cateye.exe
MSConfigStartUp-ResumeQuickupDownload - c:\progra~1\QUICKH~1\QUICKH~1\acappaa.exe
MSConfigStartUp-Startup Scan - c:\progra~1\QUICKH~1\QUICKH~1\Sensor.EXE
MSConfigStartUp-Update Scheduler - c:\progra~1\QUICKH~1\QUICKH~1\UPSCHD.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/combofix/how-to-use-combofix
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {22BCDE5B-6F85-4EE9-8A86-DA3C2A943747} = 198.168.0.1
TCP: {7E698D0B-D550-4676-A421-B6F2526946C4} = 202.138.96.2,202.138.103.100
FF - ProfilePath - c:\documents and settings\comp3\Application Data\Mozilla\Firefox\Profiles\6blig0c1.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\comp3\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 20:50:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$MASTER]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\msftesql.exe\" -s:MSSQL.5 -f:MASTER"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$MYMATE]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe\" -s:MSSQL.4 -f:MYMATE"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$SQLEXPRESS_MAS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe\" -s:MSSQL.3 -f:SQLEXPRESS_MAS"

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\2262f094]
"ImagePath"="\SystemRoot\System32\drivers\2262f094.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\W32mon]
"ServiceDll"="c:\windows\system32\rmtrx.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\documents and settings\comp3\temp\TeamViewer\Version4\TeamViewer.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2009-03-12 20:56:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-12 15:26:30

Pre-Run: 19,773,566,976 bytes free
Post-Run: 19,594,235,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
289

Problem was successfully solved. Ticket was closed.

Problem Summary: I want to clean this trojan

Hi,
I want to remove the trojan with this file = pic.exe
that is always hiding from me and I can't delete it. Also, it makes a file with the name = autorun.inf
Please help me.

Problem was successfully solved. Ticket was closed.

Problem Summary: I can't open my drives by double clicking them

I have a problem with my Windows XP: when I want to open my drives by double-clicking them, a command prompt window appears with the title of my drive name + " :\pic.exe " and then it closes immediately. I have reinstalled my Windows 3 times but no change appeared.

Problem was successfully solved. Ticket was closed.

Problem Summary: fixmydoom.exe won't run

Tells me I do not have administrator-level privileges, but I do.

Problem was successfully solved. Ticket was closed.

Problem Summary: pic.exe

Cannot open drive of Windows

Problem was successfully solved. Ticket was closed.

Problem Summary: win32s.exe

This file has infected my computer and flash disk and I can't remove it. Thank you...

Problem was successfully solved. Ticket was closed.


Copyright © 2024 Security Stronghold. All Rights Reserved. All content on this website is protected and belongs to Security Stronghold LLC.